Skip to main content

Router vulnerability exploited to hijack Chromecasts and promote PewDiePie on YouTube

Avatar for Abner Li  | Jan 2 2019 - 5:19 pm PT
0 Comments
white chromecast 2018

Certain hackers in recent weeks have exploited tech vulnerabilities to promote internet sensation PewDiePie. The latest attempt involves Casting a video promoting the YouTube creator onto Chromecast devices, including smart TVs, by taking advantage of a vulnerability on some routers.

Over the past few days, some Chromecast owners have reported (via The Verge) that their televisions are playing a specific YouTube video over-and-over. Mimicking a warning sign, it notes how “YOUR Chromecast/Smart TV is exposed to the public internet.”

These hackers are taking advantage of a flaw related to Universal Plug and Play (UPnP) on some routers. Google argues that there is no particular vulnerability with Chromecasts and suggests that affected users turn off UPnP on their routers to stop the unauthorized Casting. This is also the same advice being offered by the hackers.

UPnP is short for Universal Plug and Play. It’s a protocol that lets UPnP-enabled devices on your network automatically discover and communicate with each other, as well as create more direct channels of communication with the internet.

This unauthorized Casting is due to bad UPnP implementations on some routers that expose “every internal port by default.” As a result of this access, the nefarious YouTube video — which has been viewed 4,162 times as of Wednesday evening — can be Casted by an outside party.

On the Google front, there have been some claims in the past that Cast devices are not secure due to an API used by the Google Home companion app for device-to-device communication on the same Wi-Fi network.

The second intent of this almost PSA-like “CastHack” is to promote PewDiePie as part of an ongoing subscriber count battle. Users who see this message are asked to subscribe to the YouTube creator. The hackers behind this particular attack caused printers around the world in November to print similar subscribe messages. Another party was behind the hack of the Wall Street Journal website last month.

Check out 9to5Google on YouTube for more news:

Add 9to5Google to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:

Comments

Guides

YouTube

YouTube

YouTube is Google's massive video streaming plat…
Chromecast

Chromecast

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com